Friday Jul 11, 2014

If you have a CSI number, then you are eligible for technical support for your Oracle products using the My Oracle Support (MOS) portal.

With the rollout of My Oracle Support 14.3 on July 18, 2014, there will be changes to certified browsers.

If your browser is not upgraded, you may encounter issues or receive unexpected results and the solution will be to move to the certified browser. Fixes will not be generated for browsers that are no longer supported.

Check your browser version before July 18 to minimize any adverse impact later, when you do need to use MOS for any research or to file an SR.

A personalized profile can help to build up a good reputation. Besides the experience counter, a good name, details about your location and business experience are valuable details. Although a little bit hidden, the profile's avatar can be customized, too. The profile's avatar is an eye catcher and can act as an unique visual representation for you.

How to add / modify MOSC profile avatar (picture, icon) ?

Don't look in Edit Profile section.

After login, click on your profile's name on top right.

This lists all public information as part of the Bio section.

Select the Activity tab.

The Change Avatar link is on same level at far right.

A list of predefined symbolic pictures is populated.

Choose from the list of existing pictures or try Add Another to
upload an image file from your local computer (JPG, PNG, GIF, or BMP only, maximum file size
of 2.0 MB).

Note: New added images can be used only after running through a review process. Usually after one business day they can be selected for your personal avatar.

Wednesday May 21, 2014

What is found among the nooks and crannies, in dark corners, can be exciting and sometimes dangerous.

While diving in Monterey, off the coast of California, my husband was poking around a jetty, motioned to me to come see a moray eel whose mouth was slowly opening and closing. He assured me it was not warning me to swim away as fast as I could, but that it was sleeping, breathing rhythmically with the motion of the waves above. Just an arm's length was visible, the tip of the iceberg, if you will, as these animals are scary long. He's a Divemaster, but I'm not convinced that makes him all that much more cautious among the critters, as one time he surfaced in a herd of barking sea lions.

Another time we were diving in Hawaii and he and our young son went into a cave to get a closer look at a shark that he, yet again, assured me was asleep, despite its swimming back and forth at the back of the cave, clearly alert as it was not crashing into anything. The sea turtle just outside the cave that was floating on the sandy bottom I KNEW was asleep as it wasn't moving at all, just enjoying the massage from little fish picking gunk off its shell, and that's where I chose to position myself in case the shark attacked and I had to swim for help.

A few months ago, one of my colleagues was poking around the innumerable internal wiki pages with the help of our Dev contact (our "Devmaster"?), but instead of finding something threatening, he found a pirate's treasure. Oracle OAM Development had put together an impressive collection of Cloud troubleshooting wikis that have concrete steps to follow, showing what to expect, what is problematic and what isn't.

Over the course of a month, several of us converted the wikis into about 30 Knowledge Base articles that we now bring to you. There are flowcharts with boxes to click on, and you can go back up a level or back to the top article.

Tuesday May 06, 2014

It's a remarkable tool that keeps evolving, with new files added to give you a comprehensive look at your environment. Our Support Engineers use it to get a quick, accurate picture of your system without all the back and forth it would otherwise take for you to run commands and to collect necessary files used to troubleshoot and solve problems.

But because it changes and grows, with lots of modules and profiles, it can be hard to find what you're looking for. We constantly strive to improve its usability, most recently completing a project to reduce the number of questions you are asked when running it.

So, for Oracle Identity Manager (OIM), we are announcing a Cheat Sheet listing navigation to the most commonly referenced files, so that you can find what you're looking for more easily.

Let us know what you think! Do you have other files that you often use, but may have trouble finding in an RDA? We will add it to the Cheat Sheet.

Tuesday Apr 22, 2014

Oracle
Identity Manager 11g incorporates several clustering technologies in
order to ensure high-availability across its different components.
Several of these technologies use multicast to discover other cluster
nodes on the same subnet. For testing and development purposes, it is
common to have multiple distinct OIM environments co-existing on the
same subnet. In that scenario, it is essential that the distinct
environments utilise separate multicast addresses, so that they do not
talk to each other – if they do, they will confuse one another, and many
things can go wrong. This problem is less common with production
environments, since best practice dictates that the production
environment should be on a separate subnet from development and test,
and multicast traffic cannot transverse subnet boundaries without
special configuration.

Overview of OIM Clustering

Here’s a rough diagram of the clustering components inside OIM:

Quartz Scheduler Cluster

Data Caching Cluster

EclipseLink(11.1.2.0.x and earlier only)

OSCache

Application Server Cluster
(WebLogic or WebSphere)

There are three basic layers of clustering in OIM:

Application Server Clustering: This is the
clustering layer of the underlying Java EE Application Server (Oracle
WebLogic or IBM WebSphere). This is responsible for replication of the
JNDI tree, EJBs, HTTP sessions, etc.

Data Caching: This provides in-memory caching of
data to improve performance, while ensuring that database updates made
on one node are propagated promptly to the others. OIM uses OSCache
(OpenSymphony Cache) as the underlying technology for this.

Scheduler Clustering: This is used to ensure that
in a cluster each execution of a scheduled job only runs on one node.
Otherwise, if a job is scheduled to start at 9am, every node in the
cluster might try to start it at the same time, resulting in multiple
simultaneous executions of that job

Clustering layers present in older versions only

In OIM 11gR1, and 11gR2 base release, OIM used EclipseLink data
caching, which included its own multicast clustering layer. From OIM
11.1.2.1.0 onwards, while EclipseLink is still being used for data
access, its caching features are no longer used, so this form of
multicast clustering is no longer present.

As well as using JGroups for OSCache, OIM 9.x also used JGroups for a
couple of additional functions (forcibly stopping scheduled tasks and
diagnostic dashboard JMS test.) In OIM 11g, JGroups is now used for
OSCache only.

Multicast is only used to find other nodes
in the cluster. With WLS, JNDI connections are opened between the nodes
for the cache coordination traffic. On WebSphere, RMI is used instead.

OSCache

Multicast using JGroups package

Quartz Scheduler

Database tables

Unlike other clustering components, Quartz
does not use direct network communication between the nodes. Database
tables are used for inter-cluster communication

Relevant Configuration Settings

I’m only going to talk about the OIM-specific clustering settings
here. So I won’t go into the configuration of the WebLogic/WebSphere
clustering layer, only the data cache and scheduler clustering layers.
All configuration relevant to these can be found in the
/db/oim-config.xml file in MDS. So let’s discuss the settings in this
file which are relevant to clustering.

Setting

Explanation

<cacheConfig clustered=”…”>

Must be set to true in a clustered install, and false for a single-instance install. This controls whether OSCache operates in a clustered mode.

<cacheConfig>/<xLCacheProviderProps multicastAddress=””>

Multicast address which is used for
OSCache. (Also used by EclipseLink in versions 11.1.2.0.x and earlier;
the same address is used for both.) Make sure this address is unique for each distinct OIM environment on the same subnet.

<xLCacheProviderProps>/<properties>

Can be used to manually override JGroups configuration used by OSCache. Not recommended.

<schedulerConfig clustered=”…”>

Must be set to true in a clustered install, and false for a single-instance install.

<schedulerConfig multicastAddress=”…”>

In OIM 9.x, JGroups was used to forcibly
stop jobs. In OIM 11g, a different mechanism is used instead. This
configuration setting is a left-over from OIM 9.x, and is now ignored.
However, to avoid confusion, it is recommended to set this to the same multicastAddress as the xLCacheProviderProps above.

<deploymentConfig>/<deploymentMode>

In a clustered install, should be set to clustered; in a single instance, should be set to simple. This is used to control whether EclipseLink operates in a clustered mode.

<SOAConfig>/<username>

As its name implies, this is the username used by OIM to login to SOA. However,
in OIM 11.1.2.0.0 and earlier, it also serves an additional purpose –
on WebLogic, this username is used by EclipseLink clustering for
inter-node communication. By default, this is weblogic; if you
have renamed the weblogic user, you must change it; you are free to use
another user if you wish, so long as they are a member of the Administrators group. (On WebSphere, this user is used for OIM-SOA integration only, not for EclipseLink clustering.)To change this, see “2.6
Optional: Updating the WebLogic Administrator Server User Name in
Oracle Enterprise Manager Fusion Middleware Control (OIM Only)”. (If step 11 in those steps gives you a permissions error, just skip that step.)

<SOAConfig>/<passwordKey>

This is the name of the CSF Credential
which stores the password for the <SOAConfig> user. You should
never change this setting in oim-config.xml from its default of SOAAdminPassword, but you will need to change the corresponding CSF entry whenever you change that user’s password.

What can go wrong

As I’ve mentioned, it is important that you have the correct
clustering configuration for your environment. If you do not, many
things can go wrong. I don’t propose to provide an exhaustive list of
potential problems in this blog post, but just give one example I
recently encountered at a customer site.

This customer was preparing to go live with Oracle Identity Manager
11.1.2.0. As part of their pre-production activities, they needed to
document and test the procedure for periodic change of the weblogic
password. They began by their testing by changing the weblogic password
in one of their development environments. Restarting the OIM managed
server, they saw this message multiple times in their WebLogic log: <Authentication of user weblogic failed because of invalid password>. They also found that the WEBLOGIC user in OIM was locked.

What went wrong here? Well, several things were wrong in this environment:

They had <SOAConfig>/<username> set to weblogic,
but they had not updated the SOAAdminPassword credential in CSF to the
new weblogic password. This customer does not currently use any of the
OIM functionality which requires SOA, so they normally leave their SOA
server down, including for this test. You would think therefore that the
<SOAConfig> would not be relevant to them; but, as I have pointed out above, it is also used for EclipseLink clustering.

Even though their development environments were single instance installs, they all had <deploymentConfig>/<deploymentMode> set to cluster instead of simple. As a result, EclipseLink clustering was active even though it did not need to be.

<cacheConfig>/<xLCacheProviderProps multicastAddress=””>
was set to the same address in multiple development environments on the
same subnet. As a result, even though these environments were meant to
be totally separate, they were formed into a single EclipseLink cluster.

So, what would happen, was that this environment (let’s call it DEV1) at startup would initialise EclipseLink clustering (since <deploymentConfig>/<deploymentMode> is set to cluster.) It would then add itself to the multicast group configured in <cacheConfig>/<xLCacheProviderProps multicastAddress=””>.
At this point, DEV1 becomes visible to the other development
environments (say DEV2 and DEV3). DEV2 tries to login to DEV1 over T3,
using the <SOAConfig>/<username> user (weblogic) and
the SOAAdminPassword password from CSF. However, the weblogic password
having changed, both DEV2 and DEV3 will receive an invalid credential
error, and DEV1 will experience <Authentication of user weblogic failed because of invalid password>. Setting <deploymentConfig>/<deploymentMode> to simple resolved this.

All site content is the property of Oracle Corp. Redistribution not allowed without written permission

Wednesday Apr 09, 2014

Free Learning Sessions on Oracle Fusion Middleware
Each session runs 2 hours and will provide an in-depth look into each topic. There will be demos, a Question and
Answer session as well as a brief overview of next steps for those who require more detailed training.[Read More]

Friday Feb 14, 2014

All the talk on the planet lately is about the Olympics, everyone cheering for the individuals who have dedicated their lives to pushing the human body to its limits. We admire and respect them, sometimes wish we had a fraction of that dedication. There is no quick route to that level of fitness and skill.

Seeing snow on the ground as I look out the window, my thoughts wander toward summer, remembering the color "green", and I begin preparing for a half marathon -- just a few months of training followed by a couple of hours of stress on the race course. There will be no cheering crowd throwing me flowers as I cross the finish line, only satisfaction in achieving a goal that I worked hard for.

Do you spend a lot of time training, not just in your personal life, but also at work?

We just upgraded the MOS Communities (MOSC) to Jive, merged them with the OTN Forums, so now we are together having to learn to navigate the new interface, along with all our other tasks.

One thing that might help you quickly get up to speed with the new MOSC and other features of MOS is this article, that has short videos explaining different MOS features:

Friday Feb 07, 2014

TheMy Oracle Support Community (MOSC) recently
migrated to a new platform with a completely new look and feel and navigation.
There is a series of 5 short videos to help learn the basic features and
get you started. Please seeMy Oracle Support Community - New
Platform Overviewto
start out with the first video. Once done with that video, click on the[Watchthe Next in this series] at the bottom left and it will
automatically take you to the next video in the series. Each video page
has the[Watchthe Next in this series] link to advance to the next
video.

Although it is preferable to
watch the videos in sequence, you can also individually select which videos you
want to watch. For reference, here are the individual links to the five
videos in the series:

Wednesday Jan 29, 2014

IMPORTANT: My Oracle Support Community and OTN Profiles Merge January 31, 2014

Dear My Oracle Support Community User,

On January 31, 2014, we plan to migrate My Oracle Support Community to
the same platform used for the Oracle Technology Network (OTN) forums.
This platform will bring new community features to help make it easier
to find information through a more intuitive interface, and enhance the
way you connect with Oracle experts and industry peers. We have
identified you as a user who has the same email address to access both
My Oracle Support Community and OTN forums. As part of the migration to a
single platform these profiles will be merged and the following will
occur:

Activities and points from both accounts will be combined into a single consolidated account

Your
OTN handle will be preserved and you will continue to use your email
address to access My Oracle Support Community and OTN forums

Your
existing username will become visible to both My Oracle Support
Community and OTN forum members, however, we will set all of your other
profile information to be private

Some of your existing profile information will not be migrated and will need to be re-entered into your new account profile

We
encourage you review your username and profile information once the
migration is complete and make the necessary updates based on your
privacy preferences.

SEPARATE MY ORACLE SUPPORT COMMUNITY AND OTN ACCOUNTS
If you prefer to maintain two separate accounts (one for OTN forums and
the other for My Oracle Support Community), you will need to select a
different email address to access OTN forums and update your OTN
profile. You must take the following action before January 31, 2014:

Log out and log back in to confirm that you are able to log in with the new email address

We
look for forward to enhancing your Oracle community experience and
appreciate your patience as we implement these changes. For more details
about My Oracle Support Community features and enhancements, please
read the My Oracle Support Community Spotlight.

OUD was it's own product (separate certification matrix, download, etc.) until 11.1.2.0.0 when it was merged with the Identity and Access Management 11gR2 release. Since then, there
has been an Identity and Access Management 11.1.2.1.0, and OUD
continues to be part of it. It is also part of the upcoming 11.1.2.2.0
release.

Because OUD previously had its own certification matrix, it is
natural to look for one in current versions, separate from the Identity
and Access Management cert matrices. This is no longer the case.

Friday Dec 27, 2013

As
of January 1, 2014, the above mentioned Oracle products are moving from the
Extended stage of Lifetime Support into the Sustaining stage.

Because product releases supported by Sustaining Support are not fully
supported, information and skills regarding those releases may be limited. The
availability of hardware systems to run such product releases may also be
limited.

About

This is the official blog of the Proactive Support Team for Identity Management: OIM, OAM, OID, OVD, OUD, DSEE, etc. Find information about our activities, publications, product related information and more.